static nat and port

bluesea2010 · ‎05-01-2020

Hi,

object-group service DM_INLINE_SERVICE_1
service-object object 8069

access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any object Obj-192.168.100.100
object network 192.168.100.100
nat (DMZ,Outside) static 1.1.1.1

users are accessing using https://1.1.1.1:8069

I need to change the port from 8069 to 8080 without changing in the server .

How can I change it in the NAT

Thanks

Sheraz.Salim · ‎05-01-2020

Just change the port number that it.

object service 8080
 service tcp destin eq 8080
!
object-group service DM_INLINE_SERVICE_1
service-object object 8080
!
object network 192.168.100.100
nat (DMZ,Outside) static 1.1.1.1
!
access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any object Obj-192.168.100.100

please do not forget to rate.

bluesea2010 · ‎05-01-2020

Hi,
I am sorry , I could not convey my requirement .
The port is on the server is 8069 , I want to give port 8080 to the public instead of 8069
I mean firewall should translate from 8080 to 8069
Thanks

Sheraz.Salim · ‎05-02-2020

sorry i am confused what you asking. you saying user coming from outside interface with any random ip address with random port need to hit server 8089 but before hitting its need to change the port 8089 to port 8080?

please do not forget to rate.

bluesea2010 · ‎05-02-2020

Hi,
I 'll make it simple , like static nat , I want to translate the port also .
the user connect to the port 8080 and asa would translate to 8069
Thanks

Sheraz.Salim · ‎05-02-2020

object network 192.168.100.100
nat (DMZ,Outside) static 1.1.1.1 service tcp 8080 8069
!
access-list Outside_access_in extended permit tcp any object Obj-192.168.100.100 eq 8080

now when end user open a url 1.1.1.1:8080 asa will do the translation to port 8069.

please do not forget to rate.